def test_deny_method(self): expected_policy = self.generate_policy( "Deny", [self.resource_base_path + "/GET/test/path"] ) policy = authpolicy.AuthPolicy( self.aws_account_id, principal="foo", rest_api_id="myapi", stage="mystage" ) policy.deny_method("GET", "/test/path") self.validate_policies(expected_policy, policy.build())
def test_allow_all(self): expected_policy = self.generate_policy( "Allow", [self.resource_base_path + "/*/*"] ) policy = authpolicy.AuthPolicy( self.aws_account_id, principal="foo", rest_api_id="myapi", stage="mystage" ) policy.allow_all_methods() self.validate_policies(expected_policy, policy.build())
def test_allow_method_with_conditions(self): condition = {"DateLessThan": {"aws:CurrentTime": "foo"}} expected_policy = self.generate_policy( "Allow", [self.resource_base_path + "/GET/test/path"], condition=condition, ) # NOTE(ryandub): I think there is a bug with conditions in the # upstream source this is based on that appends an extra statement. # Need to investigate this more and fix if necessary. expected_policy["policyDocument"]["Statement"].append( {"Action": "execute-api:Invoke", "Effect": "Allow", "Resource": []} ) policy = authpolicy.AuthPolicy( self.aws_account_id, principal="foo", rest_api_id="myapi", stage="mystage" ) policy.allow_method_with_conditions("GET", "/test/path", condition) self.validate_policies(expected_policy, policy.build())